Merge pull request playframework#602 from Lejdborg/patch-xxe-injection

Prevent XXE injection when parsing XML
scala-steward · Jul 19, 2023 · e5ab9fb · e5ab9fb
2 parents 97f36e9 + 26c9e74
commit e5ab9fb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala b/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala
@@ -25,7 +25,7 @@ trait XMLBodyReadables {
    * }}}
    */
   implicit val readableAsXml: BodyReadable[Elem] = BodyReadable { response =>
-    xml.XML.load(new InputSource(new ByteArrayInputStream(response.bodyAsBytes.toArray)))
+    XML.parser.load(new InputSource(new ByteArrayInputStream(response.bodyAsBytes.toArray)))
   }
 
 }